<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
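<%
// Change-password handler.
// Reads the employee id from the session, checks that the two "new password"
// fields agree, verifies the submitted old password against the stored one,
// and only then writes the new password. One of four plain-text status lines
// is printed to the response.
//
// NOTE(review): old_pass is compared directly with the `password` column, so
// the column holds cleartext passwords. Storing a salted password hash
// (bcrypt/scrypt/argon2) needs a data migration and is not done here.
// NOTE(review): request.getParameter() also accepts query-string values;
// the submitting form should use POST so passwords stay out of URLs and
// access logs - confirm against the form that posts to this page.
String emp_id=(String)session.getAttribute("emp_id");
String user_name=(String)session.getAttribute("userName");
String old_pass=request.getParameter("old_pass");
String new_pass=request.getParameter("new_pass");
String new_re_pass=request.getParameter("new_re_pass");
String database_pass=null;

// Without a usable emp_id in the session there is no account to act on.
// Previously this surfaced as an uncaught NumberFormatException (HTTP 500).
int ei;
try {
    if (emp_id == null) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    ei = Integer.parseInt(emp_id);
} catch (NumberFormatException badId) {
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    return;
}

if (new_pass == null || new_re_pass == null || !new_pass.equals(new_re_pass)) {
    // Missing parameters are treated like a mismatch instead of throwing.
    out.println("sorry password don't match");
} else if (new_pass.length() == 0) {
    // Two empty fields "match"; never store an empty password.
    out.println("sorry new password must not be empty");
} else {
    Connection db_conn = null;
    try {
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/db";
        // NOTE(review): hard-coded root/root credentials; the application
        // should connect with a least-privilege account whose credentials
        // come from container configuration (e.g. a JNDI DataSource).
        db_conn = DriverManager.getConnection(url, "root", "root");

        // Bound parameters keep request data out of the SQL text. The
        // original concatenated new_pass into the UPDATE statement, so a
        // quote in the password changed the statement itself.
        PreparedStatement select_stmt =
            db_conn.prepareStatement("select password from login where emp_id=?");
        select_stmt.setInt(1, ei);
        ResultSet rs = select_stmt.executeQuery();
        while (rs.next()) {
            database_pass = rs.getString("password");
        }

        // Null-safe comparison whose running time does not depend on where
        // the first differing byte is.
        boolean old_pass_ok = old_pass != null && database_pass != null
            && java.security.MessageDigest.isEqual(
                   old_pass.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                   database_pass.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        if (old_pass_ok) {
            PreparedStatement update_stmt =
                db_conn.prepareStatement("update login set password=? where emp_id=?");
            update_stmt.setString(1, new_pass);
            update_stmt.setInt(2, ei);
            // Report success only if a row was actually written.
            if (update_stmt.executeUpdate() > 0) {
                out.println("password change successful");
            } else {
                out.println("sql not found");
            }
        } else {
            out.println("sorry you typed old password mistake");
        }
    } catch (SQLException e) {
        // Details go to the server log; the response gets a fixed message so
        // driver and schema information is not disclosed to the client.
        application.log("change password: database error", e);
        out.println("sql not found");
    } catch (ClassNotFoundException e) {
        application.log("change password: JDBC driver not found", e);
        out.println("sql not found");
    } finally {
        // Always release the connection, including on the error paths the
        // original skipped; closing it also releases its statements.
        if (db_conn != null) {
            try {
                db_conn.close();
            } catch (SQLException closeError) {
                application.log("change password: failed to close connection", closeError);
            }
        }
    }
}
%>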